It’s something called ADS (Alternate Data Stream) which you can see as some kind of second hidden file content. Browsers create an ADS with name Zone.Identifier when downloading a file and attach it to the downloaded file. The content of the ADS is the information where the file was downloaded from, i.e. the Zone (3 for Internet) and usually the URL.
Programs and Windows usually use the existence of the Zone.Identifier to show you a warning that a file was downloaded and may pose a risk to your system when opening/exexuting it.
I download a file on Linux, and it has data, a filename, and some permission metadata. That’s it. It sounds like this metadata layer deserves all of the hacks that will come for it.
Most file systems have a very limited footprint of metadata. Static information. And they are usually following basic POSIX standards, to ensure that file transfers between mediums are as cross-compatible as possible.
This Alternative Data Stream is now creating this entirely new variable data stream for hackers to hide shit in. No longer can just you scan a file’s data to make sure nothing malicious is in there. Now you need complex logic to be able to both read this new stream, interpret the flags and other metadata, and take all of those different pieces of information and figure out if it’s even worth opening the damn file.
Data is data. Keep data in the data layer. Everything else is secondary, and should be kept tiny.
It’s something called ADS (Alternate Data Stream) which you can see as some kind of second hidden file content. Browsers create an ADS with name Zone.Identifier when downloading a file and attach it to the downloaded file. The content of the ADS is the information where the file was downloaded from, i.e. the Zone (3 for Internet) and usually the URL.
Programs and Windows usually use the existence of the Zone.Identifier to show you a warning that a file was downloaded and may pose a risk to your system when opening/exexuting it.
What the fuck is this arcane metadata bullshit?
I download a file on Linux, and it has data, a filename, and some permission metadata. That’s it. It sounds like this metadata layer deserves all of the hacks that will come for it.
deleted by creator
Most file systems have a very limited footprint of metadata. Static information. And they are usually following basic POSIX standards, to ensure that file transfers between mediums are as cross-compatible as possible.
This Alternative Data Stream is now creating this entirely new variable data stream for hackers to hide shit in. No longer can just you scan a file’s data to make sure nothing malicious is in there. Now you need complex logic to be able to both read this new stream, interpret the flags and other metadata, and take all of those different pieces of information and figure out if it’s even worth opening the damn file.
Data is data. Keep data in the data layer. Everything else is secondary, and should be kept tiny.
deleted by creator